<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/testharness-helper.sub.js"></script>
<body></body>
<script>
    function waitForViolation(el, t, policy, blockedURI) {
      return new Promise(resolve => {
        el.addEventListener('securitypolicyviolation', e => {
          if (e.originalPolicy == policy && e.blockedURI == blockedURI)
            resolve(e);
          else
            t.unreached_func("Unexpected violation event for " + e.blockedURI)();
        });
      });
    }

    async_test(t => {
      var i = document.createElement("img");
      var redirect = generateCrossOriginRedirectImage();
      i.src = redirect.url;

      // Report-only policy should trigger a violation on the redirected request.
      waitForViolation(window, t, "img-src https:", new URL(redirect.url, window.location).href).then(t.step_func(e => {
        t.done();
      }));

      document.body.appendChild(i);
    }, "Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests");
</script>
</html>
